July 31, 2012

BlackHat 2012: Vendor’s Perspective

Posted in BlackHat, Conferences at 11:59 by Alex McGeorge

I was a vendor/sponsor at BlackHat 2012, here are a few things about the conference from my perspective.

Word Count: < 1000

April 10, 2012

A cyber weapon

Posted in Exploits, Uncategorized at 15:22 by Alex McGeorge

There’s been a lot of discussion in the security industry recently around exploits, 0-day, ethics and how the government fits into all of this. I disagree with some points in the recent Washington Post article, specifically how they (and presumably the Pentagon) are defining a ‘cyber weapon’ and a few other things*.

Word Count: ~850

January 19, 2012

Stuff I learned while writing a CTF

Posted in education, infiltrate, Pen-Testing at 16:04 by Alex McGeorge

This blog entry talks about some of the lessons I learned running the WebHacking class for Infiltrate 2012 which included a WarGame/CTF style hootenanny on the final day.

To be clear, I didn’t write the entire thing myself; I had a ton of help. Many Immunity folks contributed to this class in their spare time while also doing consulting or other work. So high fives to the following hombres in alpha order: Admin Team (Carissa and Vanessa), Chris, Dami, Dave, Justin, Leonardo, Matias, Mark, Miguel and Nico.

Word Count: ~2000

November 18, 2011

Book Review: A Bug Hunter’s Diary by Tobias Klein

Posted in Book Review at 18:52 by Alex McGeorge

This book is good, but it is good in a very particular way. What follows is a read-through review, I didn’t work through all the code examples.

Word Count: ~670

October 12, 2011

Book Review: Reamde by Neal Stephenson

Posted in Book Review, Pen-Testing at 16:22 by Alex McGeorge

I recently finished the latest Neal Stephenson book, Reamde. I really enjoyed it; stylistically I think it is most similar to Cryptonomicon and is definitely an improvement (for me) over Anathem. The book does incorporate some realistic hacking plot devices to further the story. All of my complaints are really pedantic, which is to say Stephenson executed the hacking bits very well and they do not detract from the story. My review is going to focus on those pieces of the novel. A more in-depth technical look that probably contains spoilers is below.

Word Count: ~1000

August 29, 2011

Personality Traits for Pen-Testers

Posted in Pen-Testing, Psychology at 16:40 by Alex McGeorge

I recently had occasion to think about some personality traits that can make good pen-testers.

Words: 486

August 15, 2011

Ethical Question: 0x1

Posted in Ethical Questions at 17:01 by Alex McGeorge

Ethical Questions for Pen-Testers: 0x1

Topic: Information Disclosure
Goal of this post: Something to ponder, hopefully a recurring series
Word Count: 392

August 12, 2011

Certifications and hats

Posted in Certifications, Lingo at 15:13 by Alex McGeorge

Most certifications are crap, the hat color thing is ridiculous.

Word Count: 544

August 1, 2011

Commercial Exploits: Documentation

Posted in Exploits, Pen-Testing at 16:47 by Alex McGeorge

I look at exploits a lot in my day-to-day, I also QA a lot of exploits both internally and for others. This is part 2 of a series on what makes a good commercial exploit.

Word Count: ~500

July 25, 2011

Commercial Exploits: Capabilities

Posted in Exploits at 16:49 by Alex McGeorge

I’m in a rare position in that I get to see and use a lot of professionally written exploits as part of my job. Not all exploits are created equal, these are my thoughts on what traits a commercial exploit needs to have. Part one of at least two.

Word Count: 488